See bottom of thread for thoughts
the circumstances arose where mail folders are kept
from a pre-clamav time, or there was an issue with the clamav setup at
the time, or clamav was not scanning incoming mail
I have to say that while I commend your sharing of a concept/idea, it
does appear that it's not very viable.
As for the situation, we've been using ClamAV for going on 3 years now,
and I have never (I repeat never) seen this occur.
Outside of a poor configuration/implementation that is.
We're using maildir instead of mbox so the OP's script.
However, I beg to differ on the point that post-delivery scanning is
useless (dumb???). We run clam through amavis. We also clamscan our mail
spool when fresh-clam gives us a new signature.
About once a week we catch something that there wasn't a signature for
when the mail hit amavis. Mostly its phish, but sometimes something
nastier. With about 500 mailboxes and 11Gig in our /var/mail, we
consider the scan time well worth it.
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
